what is Qualitative and Quantitative risk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-21-2024 07:48 PM
Can anyone say,what is Qualitive and Quantitive risk in servicenow GRC?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-21-2024 10:01 PM
Hi @Nithya Devi - Risks, in themselves, aren’t qualitative or quantitative, but when you assess/evaluate a risk, you use method(s) that are either qualitative or quantitative.
How that works is: qualitative risk analysis is based on a person’s perception or judgment, while quantitative risk analysis is based on verified and specific data.
That’s a very general explanation. If there’s something specific you would like to know about how qualitative or quantitative risk assessments are applied within ServiceNow GRC, don’t hesitate to hit reply!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2024 06:17 AM
@simon.Thanks for the explanation.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-21-2024 11:42 PM
Hi @Nithya Devi ,
Sure, Quantitative is measurable where qualitative is a persons judgement (not measurable).
If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.
best regards
Anders
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-23-2024 07:51 PM
Hi @Nithya Devi ,
Risks are scored during an assessment and then a rating is derived. Ratings are of three kinds: qualitative, semi-quantitative, and quantitative.
Qualitative rating
Qualitative risk assessments rely on the assessor's perceptions of the probability and impact of a risk. If the method is purely qualitative, then the ratings are based on the list values such as high, medium, or low. In this case, the risk scores do not roll up. Because this method has minimal mathematical dependency, qualitative risk assessment is easy and quick to perform. This method also enables an organization to take advantage of the assessor's experienced knowledge of the process or asset that is being assessed. Users who are new to risk assessments usually use this kind of rating.
Semi-quantitative rating
In a semi-quantitative rating, the qualitative ratings also have a corresponding numerical scale. For example, if the quantitative risk score is between 0-10, then the qualitative rating is low. Users who use this type of rating are not new to risk assessments. Most users belong to this category. In this category, the risk scores roll up and the risk appetite is qualitative in nature.
Quantitative rating
A quantitative risk assessment focuses on data that is fact-based, measurable, and highly mathematical. In a quantitative risk rating that uses advanced simulation techniques, the risk is quantified in purely numerical terms. In this category, the risk appetite is quantitative in nature.